Circle of (Dis)trust - Exel: Drexel University's Research Magazine
 
 

_NEWS

_Circle of (Dis)trust

Computer science professor Rachel Greenstadt is using authorship-recognition tools to identify cybercriminals and assess the level of trust present in Web-based hacker forums.

_Rachel Greenstadt

Greenstadt is an assistant professor of computer science in the College of Computing & Informatics.

Rachel Greenstadt has gone underground and online to hunt for hackers in digital forums. They’re a slippery bunch — they go to great lengths to craft fake identities. Through her research, Greenstadt is hoping to break through their secrecy and learn more about who they are and how they interact with each other.

Specifically, Greenstadt wants to understand the level of trust among profit-driven hackers, like those who focus on money laundering or stolen passwords and accounts, and how they govern themselves in online forums.

Her work is funded by the National Science Foundation and is being field-tested through collaboration with the Philadelphia branch of the FBI.

In online forums or marketplaces, users create identities to post public messages. Usually, the post is about buying or selling anything from hacked credit card numbers to lists of email addresses.

Users have to earn credit and reputation to access parts of forums and get other users to trust and trade with them.

Leetspeak

CAN_YOU_READ_LEETSPEAK?

Leetspeak is an alternative alphabet used by hacker communities in which letters are substituted with numbers. For example, leet is slang for “elite” and is spelled “I337.”

Trust has value, but it can also be exploited. “These are cybercriminals, so sometimes they’ll break the rules and create fake identities in the same forum to rip people off or drive up demand,” she says.

With help from students in her privacy, security and automation lab and Damon McCoy, a collaborator at George Mason University, Greenstadt uses authorship-recognition tools and cross validation to spot doppelganger accounts.

“These are all hackers and criminals, so occasionally the forums themselves get hacked or an administrator gets angry at another administrator and they’ll post a dump of the forum, including all the private messages, to RapidShare.com [a data-sharing website] or something,” Greenstadt explains. “That’s where we get our data.”

Greenstadt, together with postdoctoral researcher Vaibhav Garg, is exploring five different forum dumps from around 2010 and 2011 — specifically ones in German or Russian.

One student in her lab can translate and speak German, but the foreign language barrier isn’t even the biggest problem.

“It’s a challenging dataset because it’s not in English, but it’s also not really in Russian or German. It’s in leetspeak,” Greenstadt says.